OpenLoop Team|1/9/2025|5 min read

How To Get LegitScript Certified & Why It's Important

Accept online payments, advertise with top platforms and more.


The age of digital medicine is here, making access to healthcare systems more seamless and convenient. However, as practical as this might be, it also means that there are extra precautions organizations have to take to protect their credibility and the safety of their patient population. 

One way to ensure companies protect those they serve is by bringing in third parties to assess healthcare compliance. For quality assurance and performance improvement, it might be NCQA, but for online transactions and digital advertising, the industry refers to LegitScript.

LegitScript certification is therefore a crucial component of your marketing and compliance efforts. Read on to learn more about the history of LegitScript, what they do and why becoming certified is essential to your virtual care platform.

 

LegitScript: An overview 

If you work in the healthcare or digital health industry, you’ve likely heard about LegitScript or seen the LegitScript Seal of Approval on a website. But what is LegitScript really all about? 

What is LegitScript?

Founded in 2017, LegitScript is an Oregon-based company that was developed to combat the increasing number of harmful counterfeit pharmaceuticals sold online. Its goal is to make payment ecosystems safe and transparent for consumers while mitigating risks for sellers.

Now, with the medical e-commerce market growing, we’re seeing increased cybercrimes. It’s more important than ever to implement robust measures that help distinguish legitimate healthcare businesses from fraudulent or untrustworthy entities, ensuring both patient safety and industry integrity.

Fortunately, this is where LegitScript steps in. 

3 reasons why a LegitScript Certification is important for your digital health business

If you want to complete card-not-present transactions and advertise with fewer barriers, you’ll want your website to be LegitScript Certified. In addition, taking steps to maintain healthcare compliance gives people extra assurance before and while working with you. It’s a win-win for everyone!

Here are some of the benefits of doing so: 

1. Align with major credit card providers 

Credit card companies require telemedicine providers, for example, to register as high-risk merchants to protect consumers. Such businesses require extra monitoring due to their increased operational, regulatory and reputational risk. To ensure they’re up to par, major card brands, like Mastercard, may have rules regarding ongoing monitoring and fraud detection. LegitScript monitors compliance, making it easier for all involved parties to stay on track. 

2. Advertise on top platforms 

Another example is advertising, specifically Google. In the United States, Google only allows online pharmacies and addiction services to advertise if they have a LegitScript certification or NABP accreditation. Therefore, this certification is essential to any external advertising or marketing efforts. 

Also, let’s not overlook the use of social media platforms like Meta to search for healthcare services. For example, if licensed mental health practitioners want their online practice to appear, they must be LegitScript Certified to promote their services on those channels. 

3. Build trust among patients and regulatory bodies

Third-party accreditation matters, especially in the medical industry. Patients and other stakeholders feel better about working with those with more certifications and qualifications. 

Displaying the LegitScript-certified badge on your website tells others you've undergone a rigorous vetting process and are routinely monitored. In other words, it showcases your legitimacy and boosts your credibility.  

How do you get LegitScript Certified? 

Now that you know what LegitScript is and why certification is necessary, let’s discuss how you can earn your LegitScript Healthcare Certification. 

At OpenLoop, we know a thing or two about the process, having obtained our Healthcare Merchant Certification from LegitScript in 2023. We’ve also helped hundreds of our own clients navigate the application process and become certified. 

So, without further ado, here’s what you need to know. 

Getting started

If you haven’t already, create an account at https://certification.legitscript.com/s/. You’ll need to provide your contact information and pay the one-time new certification application fee. As of this writing, the cost is $975 per website. If you’re later approved, you’ll also need to pay an annual fee of $2,150 per website. 

Once you’ve set up your account and paid the fee, you’ll move on to their questionnaire. 

Please note that LegitScript has 11 certification standards, each falling into one of three categories: registration and compliance, internal practices and external practices.

Registration and compliance 

In this section, they want to learn more about your company and confirm that you are licensed to provide the services you offer. 

Four standards fall under this category, which are: 

  • Licensure/registration

  • Legal compliance 

  • Domain name registration 

  • Applicant location  

When completing this section, merchants should expect to do some of the following:

  • Name each bank/payment provider your business has a merchant account with. 

  • Share any merchant billing descriptor(s) your company uses. 

  • List your National Provider Identifier (NPI), if applicable.

  • Document if your company currently holds, plans to obtain, cancel, or has lost any additional accreditation besides LegitScript certification.

  • If you’re a telemedicine provider, you must include all physician, pharmacy, and pharmacist licensure, as applicable.

  • Upload corporate registrations held by your business. 

  • Include all jurisdictions to which your business ships or provides services. 

  • Make sure your website has a U.S. HIPAA-compliant privacy policy. 

  • Upload DEA certificates if you prescribe or dispense controlled substances. 

  • And more.

Internal practices

Pharmacies and telemedicine providers with an online presence must ensure their staff and affiliates have the necessary qualifications. As stated by LegitScript, “The pharmacy, business or medical practice, website, staff, any associated medical personnel, domain name registrant and any person or entity that exercises control over, or participates in, the business must not be affiliated with or control any other entity that violates these standards.” 

Two standards fall under this category: 

  • Prior discipline 

  • Affiliates

Applicants should include and be aware of the following: 

  • Share any litigation, whether commenced, resolved or otherwise, that you’ve been involved in at any time over the past ten years. 

  • Applicants and their key staff must disclose any prior criminal, regulatory or civil violations.

  • Share if your company has been on HHS's List of Excluded Individuals/Entities within the last five years. 

  • The promoted URL must be certified if a platform promotes or links to a third-party provider or provider group for telehealth services.

  • And more.  

External practices

In this final category, LegitScript wants to ensure your treatment practices and patient services comply with applicable laws. 

There are five standards under this category, which are: 

  • Patient services 

  • Privacy 

  • Controlled substances 

  • Validity of prescription 

  • Transparency 

For this part of the questionnaire, you’ll need to: 

  • Ensure your advertising claims comply with the Food and Drug Administration (FDA) guidelines. 

  • If you sell compounded medications, you must complete a spreadsheet about each product, quality assurance methods and patient safety. 

  • Create a test patient account and provide LegitScript with a username and password to access your patient/client portal.

  • Ensure all affiliates or affiliations with your business also comply with LegitScript’s Certification Standards.

  • Telemedicine providers have to submit a spreadsheet explaining how their telemedicine practice adheres to applicable laws and regulations.

  • And more. 

Following the LegitScript Certification Application submission 

Once you submit your application, their internal team will review it for completeness. If everything they requested is included, they will submit it to their analysts. If information is missing, your application will be at a standstill until you provide it, as they can’t advance without it. Therefore, it’s essential to follow up promptly. 

The analysts will thoroughly review your application, ensuring that each listed provider complies with all local and national laws and regulations and LegitScript’s terms and conditions.

The length of time required for the certification process varies, as each application is unique and complex. However, we’ve found that it usually takes 2 to 4 months. LegitScript offers an expedited processing service for those who want to speed things up. 

Your application is approved - now what? 

If you’re approved, you’ll enjoy the benefits mentioned above and be able to showcase the LegitScript Seal of Approval on your website. However, there are also some things you’ll have to do to maintain your LegitScript Certification. 

For example, you must participate in ongoing monitoring and cannot use an anonymous domain name registration. You must also comply with the laws of the places you operate from, ship to, or offer to ship products to. 

Additionally, you will need to renew your certification every year. This yearly renewal ensures each entity remains in compliance.

Partner with a LegitScript Certified telehealth provider

As mentioned, if you work with any affiliates, including persons and entities, they must comply with LegitScript's program standards. Therefore, to avoid hiccups in the application process, the best thing to do is work with a LegitScript Certified vendor.

At OpenLoop, we make it a priority that not only our own organization but all of our partners adhere to the highest compliance standards. We’ve helped hundreds of our clients navigate their LegitScript certification, but that’s not all we support.

We are the go-to, white-labeled infrastructure provider for digital health. Go to market faster with our complete suite of digital health solutions. From provider staffing to regulatory maintenance to patient billing and more — you bring the patients and we handle the rest. 

Interested in learning more? Get in touch here!
